HOW IMPORTANT IS YOUR DATA?

Years of family photos. Your entire music and movie collection. Office documents you've put hours of work into. Backups for every computer you own. We ask again, how important is your data?

NOW IMAGINE LOSING IT ALL

Losing one bit - that's all it takes. One single bit, and your file is gone.

The worst part? You won't know until you absolutely need that file again.

[Figure: Example of one-bit corruption]

THE SOLUTION

The FreeNAS Mini has emerged as the clear choice to save your digital life. No other NAS in its class offers ECC (error correcting code) memory and ZFS bitrot protection to ensure data always reaches disk without corruption and never degrades over time.

No other NAS combines the inherent data integrity and security of the ZFS filesystem with fast on-disk encryption. No other NAS provides comparable power and flexibility. The FreeNAS Mini is, hands-down, the best home and small office storage appliance you can buy on the market. When it comes to saving your important data, there simply is no other solution.

The Mini boasts these state-of-the-art features:

+ 8-core 2.4GHz Intel® Atom™ processor
+ Up to 16TB of storage capacity
+ 16GB of ECC memory (with the option to upgrade to 32GB)
+ 2x 1 Gigabit network controllers
+ Remote management port (IPMI)
+ Tool-less design; hot swappable drive trays
+ FreeNAS installed and configured

FREENAS CERTIFIED STORAGE


With over six million downloads, 
FreeNAS is undisputedly the most 
popular storage operating system 
in the world. 


Sure, you could build your own FreeNAS system: research every hardware option, order all the parts, wait for everything to ship and arrive, vent at customer service because it hasn't, and finally build it yourself while hoping everything fits - only to install the software and discover that the system you spent days agonizing over isn't even compatible. Or...


MAKE IT EASY ON YOURSELF 


As the sponsors and lead developers of the FreeNAS 
project, iXsystems has combined over 20 years of 
hardware experience with our FreeNAS expertise to 
bring you FreeNAS Certified Storage. We make it 
easy to enjoy all the benefits of FreeNAS without 
the headache of building, setting up, configuring, 
and supporting it yourself. As one of the leaders in 
the storage industry, you know that you're getting the 
best combination of hardware designed for optimal 
performance with FreeNAS. 


Every FreeNAS server we ship is... 


» Custom built and optimized for your use case 

» Installed, configured, tested, and guaranteed to work out 
of the box 

» Supported by the Silicon Valley team that designed and 
built it 

» Backed by a 3 years parts and labor limited warranty 


http://www.iXsystems.com/storage/freenas-certified-storage/ 
As one of the leaders in the storage industry, you know that you're getting the best combination of hardware designed for optimal performance with FreeNAS. Contact us today for a FREE Risk Elimination Consultation with one of our FreeNAS experts. Remember, every purchase directly supports the FreeNAS project so we can continue adding features and improvements to the software for years to come. And really - why would you buy a FreeNAS server from anyone else?





FreeNAS 1U 

+ Intel® Xeon® Processor E3-1200v2 Family
+ Up to 16TB of storage capacity
+ 16GB ECC memory (upgradable to 32GB)
+ 2x 10/100/1000 Gigabit Ethernet controllers
+ Redundant power supply


FreeNAS 2U

+ 2x Intel® Xeon® Processors E5-2600v2 Family
+ Up to 48TB of storage capacity
+ 32GB ECC memory (upgradable to 128GB)
+ 4x 1GbE Network interface (Onboard) - (Upgradable to 2 x 10 Gigabit Interface)
+ Redundant Power Supply
Editor in Chief:
Marta Ziemianowicz
marta.ziemianowicz@software.com.pl

Contributing:
David Carlier, Siju Oommen, Damian Czernous, Michael Boelem, Valerie Heatley, Mark VonFange, Roger Pau Monne and Rob Somerville.

Top Betatesters & Proofreaders:
Annie Zhang, Denise Ebery, Eric Geissinger, Luca Ferrari, Imad Soltani, Olaoluwa Omokanwaye, Radjis Mahangoe, Mani Kanth, Ben Milman, Mark VonFange and David Carlier

Special Thanks:
Annie Zhang
Denise Ebery

Senior Consultant/Publisher:
Pawel Marciniak
pawel@software.com.pl

Joanna Kretowicz
joanna.kretowicz@software.com.pl

Publisher:
Hakin9 Media SK, 02-676 Warsaw, Poland, Postepu 17D
www.bsdmag.org

Hakin9 Media SK is looking for partners from all over the world. If you are interested in cooperation with us, please contact us via e-mail: editors@bsdmag.org.

All trademarks presented in the magazine were used only for informative purposes. All rights to trademarks presented in the magazine are reserved by the companies which own them.


Dear Readers,

I know that many of you don't celebrate Christmas, but I hope that for all of you, December and the end of the year will be a wonderful time, no matter where you come from, which language you speak or what your beliefs are.

I also know that you have been waiting for more FreeBSD related articles. So, here they are.

Great as always, David Carlier will introduce you to Development Tools on FreeBSD. If you would like to switch from Linux to FreeBSD, this article is definitely for you.

The next article is an introduction to NetBSD. Siju Oommen George wrote a guide that is another must read for all beginners, but I hope that professionals and old timers will like it as well.

After BSD articles, it is time for something new. Say "Hi" to Damian Czernous and the origins of Model View Whatever. Not really related to Open Source? Maybe it will be useful for some of you anyway and will broaden your horizons.

Roger Pau Monné will introduce you to Xen and how to have a little fun with it. If you would like to know how to prepare the host, install Xen and create Guests, dive in right now!

Hope you will enjoy our interviews with Valerie Heatley and Michael Boelem. Valerie is a super nice Recruiter in Speerhead - The Global Leader in DevOps Recruitment. Read what is hot on DevOps recruitment market at the moment. Michael is a young entrepreneur, who established CISOfy. The company focuses on auditing, hardening and compliance of information security of Linux and Unix systems. Linux enthusiasts, "security is not a one-time event, but a continuous stream of small improvements (and adjustments)."

The last two pieces are our columns:

Mark VonFange from iXsystems will tell you 10 Things Your CIO Should Know About TrueNAS. Have you heard about all of them?

And last crumb, our great Rob Somerville and his thoughts about the recent attacks in Paris and evolution of the IT world. Has something gone wrong?

Enjoy your reading! And have a beautiful December, with sun or clouds, let's spend it with our families, communities and the dearest ones. Don't forget to share this issue with your favorite open source community ;)

Marta & BSD Team 
give you an overview of the possibilities...

NetBSD Introduction
by Siju Oommen George

The objective of this article is to introduce the NetBSD operating system to people who are new to BSDs. The NetBSD project began as a result of frustration within the 386BSD developer community with the pace and direction of the operating system's development.

GUI
Model View Whatever - Origins
by Damian Czernous

This is the first paper of the series about evolution of GUI related strategies named Model View Whatever. As an engineer, I find myself confident in the software engineering field due to the passion for context (history). This series of short papers, divided by major influences that happened through tens of years, delivers context and sometimes organises the mess around these little letters: M, V and W.

XEN
Experimenting with Xen
by Roger Pau Monné

Xen is a hypervisor using a microkernel design, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently.

TrueNAS Street
10 Things Your CIO Should Know About TrueNAS
by Mark VonFange

We could write volumes about all the benefits of TrueNAS and why it should be in your workplace. For the sake of brevity, however, we've narrowed it down to ten things your CIO should know about TrueNAS before deciding on a storage solution.

Rob's Column
by Rob Somerville

Presidential hopeful Hillary Clinton has joined an ever increasing vocal group to argue for the weakening of data encryption. In light of the horrific and inhuman terrorist attacks in Paris this month, what are the implications of such ideology but more importantly how, as technologists, should we address such a moral quagmire?
Open source OpenWRT router has automatic updates

CZ.NIC, a non-profit organization that runs the .CZ top level domain of the Czech Republic, released its first Open source hardware and software router design called Turris in 2014, offering systems to interested hackers on an invitation-only basis. Now, it is expanding to a larger base via Indiegogo with a new Turris Omnia design touted for its high performance security, automatic updates, and multiple servers.

The Omnia design moves from the 1.2GHz, PowerPC-based Freescale P2020 that powers the current Turris design to a 1.6GHz dual-core ARM SoC: Marvell's Armada-385. The Armada-385 is a member of Marvell's recently announced, 28nm-fabricated Armada 38x family of networking SoCs. The SoC is accompanied here with a cryptography chip that offers se...

http://linuxgizmos.com/open-source-openwrt-router-has-automatic-updates/


BSD Certification

The BSD Certification Group Inc. (BSDCG) is a non-profit organization committed to creating and maintaining a global certification standard for system administration on BSD based operating systems.

WHAT CERTIFICATIONS ARE AVAILABLE?

BSDA: Entry-level certification suited for candidates with a general Unix background and at least six months of experience with BSD systems.

BSDP: Advanced certification for senior system administrators with at least three years of experience on BSD systems. Successful BSDP candidates are able to demonstrate strong to expert skills in BSD Unix system administration.

WHERE CAN I GET CERTIFIED?

We're pleased to announce that after 7 months of negotiations and the work required to make the exam available in a computer based format, that the BSDA exam is now available at several hundred testing centers around the world. Paper based BSDA exams cost $75 USD. Computer based BSDA exams cost $150 USD. The price of the BSDP exams are yet to be determined.

Payments are made through our registration website:
https://register.bsdcertification.org//register/payment

WHERE CAN I GET MORE INFORMATION?

More information and links to our mailing lists, LinkedIn groups, and Facebook group are available at our website:
http://www.bsdcertification.org

Registration for upcoming exam events is available at our registration website:
https://register.bsdcertification.org//register/get-a-bsdcg-id
This new Wi-Fi technology is being hailed as one of the best technological innovations happening this year. The Power Over WiFi (PoWiFi) system uses a WiFi router and its WiFi signals to power the devices.

According to the team of engineers at the University of Washington, who are behind the PoWiFi, for the first time, it's possible to use WiFi devices to power the sensors and other devices.

The Internet of Things is becoming a much bigger phenomenon with each passing day, and this PoWiFi tech could make IoT more relevant in the upcoming future years. Using PoWiFi, one could harvest the energy in WiFi signals and meet the needs of low-power sensors in devices like cameras, wearables, etc.


Chipzilla's Raspberry Pi-like Galileo was anointed as able-to-run-Windows in August 2014, courtesy of the 1.0.2 firmware update for the Gen1 device. In the same month, Intel launched the Gen2 board (which got its stripped-down Windows 8 version in October 2014).

Microsoft was also handing out Galileo devices free to developers joining its Internet of Things program.

Alas, there's no weight-loss program good enough to fit Windows 10 IoT Core into the Galileo, so Redmond has set November 30 as end-of-life for the development boards.

Raspberry Pi is the officially designated migration target: "Wiring support is now available on Windows 10 IoT Core running on Raspberry Pi 2. This allows you to migrate your existing Galileo projects to Windows 10 IoT Core", the company notes.


http://www.theregister.co.uk/2015/11/19/redmond_expels_galileo/ 
The Linux 4.4 Kernel

Linux 4.4 is currently around 20.8 million lines or an increase of about 200 thousand lines of code/documentation and a few hundred new files after Linus accepted around 12,000 commits for this merge window.

Graphics

- AMD Stoney support.

- There are numerous AMDGPU additions for those with an AMD Carrizo, Tonga, or Fiji graphics processor. That includes enabling the AMDGPU scheduler by default, new AtomBIOS opcodes, and various fixes.

- There's a Raspberry Pi KMS driver that's landed. Unfortunately for Linux 4.4, this Raspberry Pi kernel graphics driver is just for kernel mode-setting and doesn't yet handle 3D hardware acceleration or power management.

- It has the VirtIO VirGL DRM code! This is used in conjunction with the VirtIO VirGL code in Mesa's Gallium3D along with changes in QEMU 2.5 for providing OpenGL acceleration support to guest virtual machines over QEMU+KVM with VirtIO. VMWare and VirtualBox have long offered 3D acceleration to guest VMs and it is finally supported on a fully open-source virtualization stack.

- Nouveau has some re-clocking improvements, better stability, and other enhancements but nothing too jaw-dropping. There's still no hardware acceleration for the modern GeForce GTX 900 series as NVIDIA hasn't yet supplied the developers with the needed signed firmware images.

- Freedreno's MSM driver has added Snapdragon 820 support as Qualcomm's newest SoC.

- The Intel DRM code in Linux 4.4 is primarily about fixes and other low-level improvements. The primary beneficiaries of Intel's latest work continue to be Skylake and Broxton graphics hardware.

- Core DRM code includes more atomic mode-setting work and other changes.

ARM

- Several 64-bit ARM updates.

- More UEFI 2.5 additions that include improvements for EFI on ARM64 / AArch64.

- ARM SoC and platform updates.

Networking

- New Realtek rtl8xxxu WiFi driver, support for non-root eBPF programs, support for persistent maps/programs with eBPF, Very High Throughput MESH support in the ath10k driver, VRF support in the IPv6 stack, and other changes.

http://www.phoronix.com/scan.php?page=article&item=linux-44-features&num=1





The combination of custom-made hardware paired with a tweaked Linux OS makes the Librem laptop lineup a unique offering with several innovative security features not offered in any other computer.

The Librem line is a work in progress. The operating system just reached version 2.0 and comes preinstalled on the hardware built with the modified Linux kernel in mind.

LinuxInsider received one of the first available Librem 13-inch units for testing and review. Our hands-on testing shows the hardware/software combo is an impressive display of the power and finesse of Linux.

That homegrown refined Linux OS, dubbed PureOS, is designed to address user concerns about identity theft, Internet privacy, security and digital rights. It is the first high-end Linux laptop built on tailor-made hardware to ensure privacy and compliance with the Free Software Foundation's endorsement, according to Todd Weaver, CEO of Purism Computer.

PureOS runs the Cinnamon desktop. No other desktop flavors are available.

The Librem 13 is powered by a fifth-generation, 2.2-GHz dual-core Intel Processor. The standard specs list 4 GB DDR3L of RAM, expandable to 16 GB. The review unit, however, was loaded with 8 GB of RAM.

Storage capacity is provided by a 477.8-GB, 2.5-inch SATA hard drive. Battery performance consistently provided me with six to eight hours of unplugged service. I let the laptop run on my side desk throughout each testing day.

http://www.linuxinsider.com/story/82722.html
The native OpenBSD hypervisor promised in September has emerged.

Kernel dev Mike Larkin has posted news of the hypervisor, but hosed down expectations along the way.

Larkin nonetheless reckons "there is enough there for people to start playing with running OpenBSD VMs."


http://www.theregister.co.uk/2015/11/23/openbsds_native_hypervisor_emerges/ 





Amazon Web Services has flicked the switch on “EC2 Dedicated Hosts” - a new cloud service that offers “physical servers fully dedicated for your use.”

The new service applies to over 30 variations of the instance types in the M4, C3, C4, G2, R3, D2, and I2 instance types and can run RHEL, Suse, Amazon Linux, Ubuntu or Windows Server. The servers only run in AWS's US East zone for now.

Servers currently rent by the hour, but AWS is promising it will soon offer “reservations” that will “... provide up to a 70% discount compared to the On-Demand price.”

A general purpose M4 instance on a dedicated host costs US$3.049 an hour in on-demand mode.

The base configuration for an M4 instance packs a 2.4 GHz Intel Xeon E5-2676 v3, a pair of vCPUs and 8GB of RAM. At that price, you'd pay $26,079 a year for a dedicated instance, almost certainly well above the price of acquiring a server plus a year's feeding and tending in your own bit barn. Deep discounting through “Reservations” therefore seems eminently sensible, if not necessary to make Dedicated Hosts viable.


http://www.theregister.co.uk/2015/11/24/amazon_web_services_dedicated_hosts/ 





Adding a TrueNAS E60 to a TrueNAS Z35 enables scaling TrueNAS Unified Storage to 3.84PB, a 150% improvement in addressable capacity, and does so in only 35U of rack space, less than half the rack space of other enterprise storage vendors. A density of over 100TB per rack unit allows for a deployment of almost 5PB in a 48U rack. Unlike legacy and flash-only storage architectures and systems that are deployed to support individual applications, scaling to almost 4PB enables users to reduce storage dedicated to an individual application by centralizing their storage on a single TrueNAS Z35. A fully-populated TrueNAS Z35 is priced at less than half of other storage vendors' solutions, like EMC and NetApp, while other storage vendors, like Dell, Nimble Storage and Tintri, can't achieve the same scale. TrueNAS also delivers this impressive capacity while consuming 40% less data center floor space than the competition.


tronomy Project

Universities Space Research Association (USRA) selected TrueNAS unified storage to keep their ever-growing scientific and engineering data online. The TrueNAS array will be used by the USRA to support the data generated by the NASA Stratospheric Observatory for the Infrared Astronomy project. TrueNAS gives the USRA a scalable storage system that can grow to 4PB using 40% of the rack space and costing 50% less than competitive storage solutions.

Combining the TrueNAS TCO with its wide variety of services and protocols, an easy to manage file system, and robust data protection options meant TrueNAS solved all of USRA's storage needs in one array, ensuring the Stratospheric Observatory's data stays pristine and secure for posterity.


www.ixsystems.com/TrueNAS 
Development tools on FreeBSD
by David Carlier


If you're usually programming on Linux and you consider a potential switch to FreeBSD, this article will give you an overview of the possibilities.


1. How to install the dependencies


FreeBSD provides applications either as binary packages or compiled from source (ports). They are arranged by software type (programming languages mainly in lang, or java specifically for Java; libraries in devel; web servers in www ...) and the main tool on modern FreeBSD versions is pkg, similar to the Debian apt tool suite. Hence, most of the time if you are looking for a spe


without necessarily knowing the fully qualified name of the package, it is somehow sufficient.


For example


pkg search <name>


pkg search php5

will display php5 itself and its modules, as well as the specific php56 version and so on...


The main difference is that you are not forced to choose between the binary package and the port; you can have both if it suits your needs. Keep in mind, though, that compiling from source can take a certain amount of time, if that is an important point for you. If the ports tree is not already present on your server, portsnap fetch extract will fetch it for you, by default into /usr/ports. Then, following the software types described above, you just need to go to the related folder. For example, to install php5:

cd /usr/ports/lang/php5

make config-recursive

make install clean





The second command, depending on which options you choose, will display all the options available for each dependency (for example, if gd support is enabled, the options for the graphics/gd library will appear).


However, most of the time, the binary packages are sufficient to cover most needs.


2. Web development


This is basically the easiest area to migrate: most Web languages do not use platform-specific features, so most of the time your existing projects might just be “drop-in” use cases.


If your language of choice is PHP, luckily this scripting language works on various operating systems, most of the Unixes and Windows. In the case of FreeBSD, you even have several different port or binary package versions (5.4 to 5.6). In this particular case, you might need some specific PHP modules enabled; luckily they are available individually or, if the port is the way you chose, via the www/php5-extensions one.


Figure 1: PHP port and modules (options dialog of the php5-extensions-1.7 port, listing the selectable modules)
Of course, developing with Apache (both the 2.2 and 2.4 series are available, respectively the www/apache22 and www/apache24 packages) or, even better, with Nginx (the last stable or the last development version can be used, respectively the www/nginx and www/nginx-devel packages) via php-fpm is possible.


Outside of PHP, the same applies to Python / Django (www/py-django) and Ruby on Rails (www/rubygem-rails). Python 2.7 and 3.5 (lang/python<version>) are available, as is Ruby up to 2.2 (lang/ruby<version>).


In terms of databases, we have the regular RDBMSs like MySQL and PostgreSQL (client and server are distinct packages: databases/(mysql/postgresql)<version>-client and databases/(mysql/postgresql)<version>-server) and the more modern concept of NoSQL with, for example, CouchDB (databases/couchdb), MongoDB (databases/mongodb) and Cassandra (databases/cassandra), to name a few.


Also, if you need to perform efficient Map / Reduce for Big Data work, you have the well known Apache Hadoop and Apache Spark (respectively devel/hadoop and devel/spark). And last, if you ever need a search engine, Apache Solr/Lucene (textproc/apache-(solr/lucene)), Xapian (databases/xapian) and their various language bindings are available.


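Example #1 Printing a variable (Array element)


<?php
// HTTP_USER_AGENT is client-controlled; wrap it in htmlspecialchars() when the output goes into an HTML page
echo $_SERVER['HTTP_USER_AGENT'];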





Figure 2: PHP development under Netbeans 


Are you rather working with Java Web or another language based on the Java VM platform? In FreeBSD, you even have Java 8 (either java/openjdk8 or java/linux-oracle-jdk18), various popular frameworks and J2EE servers or servlet engines, like Spring (java/springframework), JBoss (java/jboss<version>), Tomcat (www/tomcat<version>), Jetty (www/jetty)... Even the more modern languages like Scala (lang/scala) and Groovy (lang/groovy) can be found.


Two languages described above, Python and Ruby, have their Java VM counterparts, Jython (lang/jython) and JRuby (lang/jruby), available as well.


In terms of Integrated Development Environments, there are still several choices: the venerable Netbeans (java/netbeans or java/netbeans-devel) and Eclipse (java/eclipse), with their numerous popular plugins. Side note for Eclipse: FreeBSD needs to have Kerberos support enabled, so the presence of NO_KERBEROS in /etc/make.conf or /etc/src.conf needs to be checked.
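
One way to perform the NO_KERBEROS check mentioned above, as an added example that is not part of the original article. The function names are illustrative, and WITHOUT_KERBEROS (the src.conf(5) spelling of the knob) is an addition the article does not mention; the sample files in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the article): report build knobs that disable
# Kerberos in the FreeBSD base system. Function names are illustrative.

# NO_KERBEROS is the knob the article names; WITHOUT_KERBEROS is the
# src.conf(5) spelling and is an assumption added here.
# The pattern matches only active make(1) assignments (=, ?=, +=, :=, !=)
# at the start of a line, so commented-out knobs are ignored.
KNOB_PATTERN='^[[:space:]]*(NO_KERBEROS|WITHOUT_KERBEROS)[[:space:]]*[?+:!]?='

# kerberos_knobs FILE...
# Prints "file:line:text" for each active assignment found.
# Unreadable or missing files are skipped.
# Returns 0 if at least one knob was found, 1 otherwise.
# This is a line-based heuristic: it does not evaluate .if/.include logic.
kerberos_knobs() {
    rc=1
    for f in "$@"; do
        [ -r "$f" ] || continue
        # The extra /dev/null argument makes grep print the file name.
        if grep -nE "$KNOB_PATTERN" "$f" /dev/null; then
            rc=0
        fi
    done
    return "$rc"
}

# check_kerberos [FILE...]
# Defaults to the two files the article mentions.
# Returns 0 when no knob is set, 1 when Kerberos is disabled somewhere.
check_kerberos() {
    [ $# -gt 0 ] || set -- /etc/make.conf /etc/src.conf
    if kerberos_knobs "$@"; then
        echo "Kerberos support is disabled by the line(s) listed above."
        return 1
    fi
    echo "No Kerberos-disabling knob found in: $*"
    return 0
}

# Demo on constructed sample files (not real system configuration).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# NO_KERBEROS=yes' 'CPUTYPE?=native' > "$tmp/make.conf"
    printf '%s\n' 'WITHOUT_KERBEROS=yes' > "$tmp/src.conf"
    check_kerberos "$tmp/make.conf" "$tmp/src.conf"
    rm -rf "$tmp"
}
demo
```

On a real system, calling check_kerberos without arguments inspects /etc/make.conf and /etc/src.conf.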


3. Low level development 


The BSDs ship with C and C++ compilers in base. In the case of FreeBSD 10.2, it is clang 3.4.1 (on x86 architectures); otherwise modern versions of gcc, for developing with C++11, for example, are of course available too (lang/gcc<version> ... up to gcc 5.2).


Numerous libraries for various topics are also present, from SOAP web services with gsoap to user interfaces with GTK (x11-toolkits/gtk<version>), Qt 4 or Qt 5 (devel/qt<version>), and malware identification with Yara (security/yara) ...


In terms of IDEs, Eclipse and Netbeans described above both allow C/C++ development; Anjuta and Qt Creator are also available for important projects. If you prefer, FreeBSD has vi in base, and Vi Improved can be found in ports / packages (editors/vim, or editors/vim-lite without X11 support).


Figure 3: PHP development under Java Eclipse SDK.


FreeBSD is a POSIX system, hence porting C/C++ code to this platform depends on the degree of portability of your projects, that is, on their usage of specific “linuxisms” and such.


In case more information is needed about porting software to FreeBSD and its specific tools, I would recommend reading BSDMag issue numbers 66 and 68.
4. Android / Mobile development


In order to be able to do Android development, to a certain degree, the Linux compatibility layer (aka linuxulator) needs to be enabled. The x11-toolkits/swt and linux-f10-gtk2 ports/packages also need to be installed (note that libswt-gtk-3550.so and libswt-pi-gtk-3550.so are needed while the current package is versioned as 3557; this can be solved with symlinks). In the worst case, remember that bhyve (or Virtualbox) is available and can run any Linux distribution smoothly ...


Figure 4: SDK Manager under FreeBSD


5. Source Control Management 


FreeBSD comes with a version of Subversion in base, as the FreeBSD source is in a Subversion repository; it is named svnlite, though, to avoid conflicts with the package/port.


In addition, Git is present, but via the package/port system, with various options (with or without a user interface, Subversion support).


6. Conclusion


FreeBSD has made tremendous improvements over the years to close the gap with Linux while still keeping its own interesting specificities; hence there won't be too many blockers, if your projects are reasonably sized, to considering a migration to FreeBSD.


About the author: 


David Carlier has been a developer since 2001, mainly in C/C++, living and working in Ireland mainly since 2012. He contributes to some open source projects and uses various operating systems, mainly BSD flavours, on a daily basis.
NetBSD Introduction


by Siju Oommen George


The objective of this article is to introduce the NetBSD operating system to people who are new to BSDs. The NetBSD project began as a result of frustration within the 386BSD developer community with the pace and direction of the operating system's development.


The four founders of the NetBSD project, Chris Demetriou, Theo de Raadt, Adam Glass, and Charles Hannum, felt that a more open development model would benefit the project: one centered on portable, clean and correct code. They aimed to produce a unified, multi-platform, production-quality, BSD-based operating system. The name "NetBSD" was suggested by de Raadt, based on the importance and growth of networks, such as the Internet at that time, and the distributed and collaborative nature of its development.


Software Management


pkgsrc (package source) is a package management system for NetBSD. It was forked from the FreeBSD ports collection in 1997 as the primary package management system for NetBSD. Since then, it has evolved independently: in 1999, support for Solaris was added, later followed by support for other operating systems. DragonFlyBSD, from release 1.4 to 3.4, used pkgsrc as its official packaging system; now it uses its own native “dports”. MINIX 3 and the Dracolinux distribution both include pkgsrc in their main releases. Over 23 operating systems use pkgsrc as their package management system. “Portage” of Gentoo Linux and the “Arch Build System” of Arch Linux are examples of other package management systems akin to pkgsrc.


Portability 


As the project's motto ("Of course it runs NetBSD") suggests, NetBSD has been ported to a large number of 32- and 64-bit architectures. These range from VAX minicomputers


Figure 1. VAX 11/785


to Pocket PC PDAs,


Figure 2. NetBSD/hpcmips 5.1 on CASSIOPEIA Palm-size PC


to toasters.





Figure 3. NetBSD Toaster with the TS-7200 ARM9 
SBC 


As of now, NetBSD supports 57 hardware platforms including IA-32, Alpha, PowerPC, SPARC, Raspberry Pi 2, SPARC64 and Zaurus. The kernel and userland for all these platforms are built from a central unified source-code tree managed by CVS.


Embedded Applications 


NetBSD is one of the most portable OSs in the world (with Debian), and many of the supported hardware platforms are suited for embedded applications. Among the more popular processor families for embedded systems are MIPS, PowerPC, ARM, XScale and Super-H.


SMP 


NetBSD has supported SMP since the NetBSD 2.0 release in 2004. A scalable M2 thread scheduler was implemented; the old 4.4BSD scheduler still remains the default but was modified to scale with SMP. Threaded software interrupts were implemented to improve synchronization. The virtual memory system, memory allocator and trap handling were made MP safe. The file system framework, including the VFS and major file systems, was modified to be MP safe. Since April 2008, the only subsystems running with a giant lock are the network protocols and most device drivers.


Security 


The NetBSD source tree is periodically analyzed by two separate code scanners to maintain and improve code quality: Coverity, a commercial code scanner, and Brainy, a private code scanner developed by a NetBSD developer.


Several security features are available in NetBSD, including IPsec for both IPv4 and IPv6, a file integrity system (Veriexec), a kernel authorization framework (kauth(9)), exploit mitigation features (PaX), disk encryption (CGD), and a variety of other internal kernel bug detection features such as KMEM_REDZONE and KMEM_SIZE.


The NetBSD pkgsrc Security Team and package maintainers keep a list of known security vulnerabilities in packages which are (or have been) included in pkgsrc. The list is available from the NetBSD FTP site at:


http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities 


Through audit-packages, this list can be downloaded automatically, and a security audit of all 
packages installed on a system can take place. 
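

How such an audit works, as an added example that is not part of the article and not the audit-packages code: it assumes one "pattern type URL" entry per line in the list and "name-version" in the first column of the installed-package listing. It uses a simplified version ordering and handles only relational patterns (glob and brace patterns are skipped); all package names and URLs are constructed.

```shell
#!/bin/sh
# Added example, not the audit-packages implementation. Sample data is constructed.
# audit_pkgs VULN_LIST INSTALLED_LIST
#   VULN_LIST:      "pattern type URL" lines; comments and PGP armor are skipped
#   INSTALLED_LIST: one "name-version" per line (only the first column is read)
# Prints "name-version<TAB>type<TAB>URL" for every installed package that matches.
audit_pkgs() {
    awk '
    # Split version s into numeric tokens t[1..n] plus a package revision
    # t["nb"]. Separators count as 0 and pre-release tags as negative numbers,
    # giving 1.0rc1 < 1.0 < 1.0.1 (simplified ordering, assumed for this example).
    function tokens(s, t,    n, i, c, r) {
        split("", t); t["nb"] = 0; n = 0; i = 1; s = tolower(s)
        while (i <= length(s)) {
            r = substr(s, i); c = substr(s, i, 1)
            if (match(r, /^[0-9]+/))        { t[++n] = substr(r, 1, RLENGTH) + 0; i += RLENGTH }
            else if (match(r, /^nb[0-9]+/)) { t["nb"] = substr(r, 3) + 0; i += RLENGTH }
            else if (r ~ /^alpha/)          { t[++n] = -3; i += 5 }
            else if (r ~ /^beta/)           { t[++n] = -2; i += 4 }
            else if (r ~ /^pre/)            { t[++n] = -1; i += 3 }
            else if (r ~ /^rc/)             { t[++n] = -1; i += 2 }
            else if (r ~ /^pl/)             { t[++n] = 0;  i += 2 }
            else if (c ~ /[a-z]/)           { t[++n] = 0; t[++n] = index(ALPHA, c); i++ }
            else                            { t[++n] = 0; i++ }   # "." or "_"
        }
        return n
    }
    # Returns -1, 0 or 1 as version a sorts before, equal to or after b.
    function vercmp(a, b,    ta, tb, na, nb, i, x, y) {
        split("", ta); split("", tb)
        na = tokens(a, ta); nb = tokens(b, tb)
        for (i = 1; i <= na || i <= nb; i++) {
            x = (i <= na) ? ta[i] : 0; y = (i <= nb) ? tb[i] : 0
            if (x != y) return (x < y) ? -1 : 1
        }
        if (ta["nb"] != tb["nb"]) return (ta["nb"] < tb["nb"]) ? -1 : 1
        return 0
    }
    # 1 if name/ver satisfies a pattern such as "pkg>=1.2<1.4", otherwise 0.
    function matches(p, name, ver,    k, rest, op, bound, c) {
        k = match(p, /[<>]/)
        if (k == 0 || substr(p, 1, k - 1) != name) return 0
        rest = substr(p, k)
        while (rest != "") {
            op = (substr(rest, 2, 1) == "=") ? substr(rest, 1, 2) : substr(rest, 1, 1)
            rest = substr(rest, length(op) + 1)
            k = match(rest, /[<>]/)
            bound = k ? substr(rest, 1, k - 1) : rest
            rest  = k ? substr(rest, k) : ""
            c = vercmp(ver, bound)
            if ((op == "<" && c >= 0) || (op == "<=" && c > 0) ||
                (op == ">" && c <= 0) || (op == ">=" && c < 0)) return 0
        }
        return 1
    }
    BEGIN { ALPHA = "abcdefghijklmnopqrstuvwxyz" }
    FNR == NR {                              # first file: the vulnerability list
        if ($0 ~ /^-----BEGIN PGP SIGNATURE/) insig = 1
        if (insig || $0 ~ /^(#|-----|Hash:)/ || NF < 3) next
        vpat[++np] = $1; vtype[np] = $2; vurl[np] = $3
        next
    }
    NF {                                     # second file: installed packages
        pkg = $1; d = 0
        for (i = 1; i <= length(pkg); i++) if (substr(pkg, i, 1) == "-") d = i
        if (d == 0) next                     # the version follows the last hyphen
        name = substr(pkg, 1, d - 1); ver = substr(pkg, d + 1)
        for (k = 1; k <= np; k++)
            if (matches(vpat[k], name, ver))
                printf "%s\t%s\t%s\n", pkg, vtype[k], vurl[k]
    }' "$1" "$2"
}

# Run the audit over constructed sample data.
audit_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/pkg-vulnerabilities" <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# package                type of exploit        URL
examplelib<1.0.2k        denial-of-service      https://advisories.example/1
exampled>=2.4<2.4.10nb2  remote-code-execution  https://advisories.example/2
sampletool<3.0rc2        information-leak       https://advisories.example/3
-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a signature)
-----END PGP SIGNATURE-----
EOF
    cat > "$tmp/installed" <<'EOF'
examplelib-1.0.2j      Constructed sample library
exampled-2.4.10nb1     Constructed sample daemon
sampletool-3.0         Constructed sample tool
py-example-tool-2.4.9  Constructed sample module
EOF
    audit_pkgs "$tmp/pkg-vulnerabilities" "$tmp/installed"
    rm -rf "$tmp"
}

audit_demo
```

The example does not verify the PGP signature on the list; it only skips the armor lines.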


NetBSD comes with its own firewall, NPF. NPF was primarily written by Mindaugas Rasiukevicius. NPF first appeared in the NetBSD 6.0 release in 2012. NPF is designed for high performance on SMP systems and for easy extensibility. It supports various forms of Network Address Translation (NAT), stateful packet inspection, tree and hash tables for IP sets, bytecode (BPF or n-code) for custom filter rules and other features. NPF has an extension framework for supporting custom modules. Features such as packet logging, traffic normalization and random blocking are provided as NPF extensions.


Virtualization 


The Xen virtual-machine monitor has been supported in NetBSD since release 3.0. Any number of "guest OSes" (DomU) virtualized computers, with or without specific Xen/DomU support, can be run in parallel with the appropriate hardware resources. NetBSD 6 as a Dom0 has been benchmarked comparably to Linux, with better performance than Linux in some tests.


User-space virtualization software such as VirtualBox and QEMU is also supported on NetBSD.


NetBSD 5.0 introduced the rump kernel, an architecture to run drivers in user-space by emulating kernel-space calls. This anykernel architecture allows adding support of NetBSD drivers to other kernel architectures, ranging from exokernels to monolithic kernels.


Storage 


NetBSD includes many enterprise features, like iSCSI, a journaling filesystem, logical volume management and the ZFS filesystem. The WAPBL journaling filesystem, an extension of the BSD FFS filesystem, was contributed by Wasabi Systems in 2008. It also includes the CHFS Flash memory filesystem, the first open source Flash-specific file system written for NetBSD. A variety of "foreign" disk filesystem formats are also supported in NetBSD, including FAT, NTFS, Linux ext2fs, Mac OS X UFS, RISC OS FileCore/ADFS, AmigaOS Fast File System, IRIX EFS and many more.


Licensing


All of the NetBSD kernel and most of the core userland source code is released under the terms of the BSD License (two, three, and four-clause variants). This essentially allows everyone to use, modify, redistribute or sell it as they wish, as long as they do not remove the copyright notice and license text (the four-clause variants also include terms relating to publicity material). Thus, the development of products based on NetBSD is possible without having to make modifications to the source code public. In contrast, the GPL, which does not apply to NetBSD, stipulates that changes to source code of a product must be released to the product recipient when products derived from those changes are released.


As for packages, the installed software licenses may be controlled by modifying the list of allowed 
licenses in the pkgsrc configuration file. 


Research Usage 


NASA Lewis Research Center - Satellite Networks and Architectures Branch use NetBSD almost exclusively in their investigation of TCP for use in satellite networks.


KAME project - A research group for implementing IPv6, IPsec and other recent TCP/IP related technologies into BSD UNIX kernels, under BSD license.


NEC Europe Ltd. established the Network Laboratories in Heidelberg, Germany in 1997, as NEC's third research facility in Europe. The Heidelberg labs focus on software-oriented research and development for the next generation Internet.


SAMS-II Project - Space Acceleration Measurement System II. NASA will be measuring the microgravity environment on the International Space Station using a distributed system, consisting of NetBSD.


Who uses NetBSD? 


Arcapos point-of-sale terminals are known for their excellent user friendliness and extreme robustness. The (commercial) arcapos applications (point-of-sale, infokiosks) are 100 percent made in Switzerland. NetBSD is not only used as the operating system of choice for arcapos, but also has been extended by the arcapos team to be the best open-source platform available for point-of-sale and related applications.


CentreCOM WR54-ID by Allied Telesys, Co is a wavelan router based on NetBSD.


The Champaign-Urbana Community Wireless Network releases an open source wireless system based on NetBSD.


fdgw is a one floppy version of NetBSD/i386. It can run on old machines without HDD. You can use it as a small router, natbox or ADSL router. It is a minimal operating system.


g4u is a NetBSD-based boot floppy/CD-ROM that allows easy cloning of PC hard disks to deploy 
a common setup on a number of PCs using FTP. 


Precedence Technologies (a UK-based company) offers thin-client software (ThinIT) and accompanying hardware based on NetBSD. ThinIT provides access to Microsoft RDP, Citrix ICA, web-browsing, DVD playback, video streaming, ssh and VNC hardware all in a centrally-managed way with a tiny footprint. NetManager is a general-purpose modular firewall, email, web, VPN and proxy server based on NetBSD with easy-to-use web-based management. It also offers web-based central management of ThinIT.


The Operating System made by QNX Software Systems Ltd. uses several components of the 
NetBSD System. 


Dynarc makes a series of routers for optical IP networks. The base for their software is NetBSD 
(mostly kernel). 


endgadget's palm-sized NEC UNIVERGE WNX Server measures only 3.79 x 2.57 x 2 inches 
(96.4 x 65.4 x 50.7mm), and can easily be considered palm-sized. It runs NetBSD, features video 
in/out, audio in/out, 100Base-TX ethernet, two CF card slots, and offers a battery life of three 
hours. NEC intends the server to be used as a sort of mobile gateway for connecting your phone 
to video cameras in an office, for example. 


BMF CORPORATION produces EZF-1500E, a development kit for embedded fingerprint systems. The kit includes an ARM9 based board and a development environment based on NetBSD 1.6. Also, source code of the fingerprint sensor driver, a fingerprint matching engine library and sample programs, and circuit diagrams are available.


Dell Networking OS 9 is powered by NetBSD. The NetBSD kernel provides a stable operating system and performs efficient resource management via the HAL architecture, allowing it to deliver superior levels of concurrency, memory allocation and process scheduling. All other applications run as independent and modular processes in their own protected memory space.


There are many more entries for all of these lists, but they are not included due to space constraints. If you would like to try this operating system, you can start reading the documentation at
http://www.netbsd.org/docs/guide/en/netbsd.html


Support for the operating system can be requested from netbsd-users and pkgsrc-users. Directions to join the mailing lists are provided in the pages


http://www.netbsd.org/mailinglists/ 
http://www.netbsd.org/mailinglists/#descriptions-of-mailing-lists 


For mailing list archives you may go to http://marc.info/ 


About the Author: 

Siju Oommen George, CISO&CE, 

BroadTech IT Solutions 

LinkedIn group: AllSec Group https://www.linkedin.com/groups/8244677 


Webpage: BroadTech http://www.broadtech-innovations.com/ 







Model View Whatever - origins 


by Damian Czernous 


This is the first paper in a series about the evolution of GUI related strategies named Model View Whatever. As an engineer, I find myself confident in the software engineering field due to the passion for context (history). This series of short papers, divided by major influences that happened through tens of years, delivers context and sometimes organises the mess around these little letters: M, V and W.


Preface 


The way we use computers these days varies from years ago in the '60s. Nice and personal graphical user interfaces (GUI) welcome us just after turning on our desktops, laptops, mobiles, tablets, etc. In most cases, we don't even think about how many little things had to be coded so they can look and behave in the way we know them. For some time, intuitive interaction and easy to read UI became a must. Currently, UI designers are challenged to create emotional bonds with the app users, but in the '60s, engineers didn't think too much about this stuff. In fact, the idea of controlling a computer with the mouse was just laboratory fun.


Complement. 


In the early '60s, Douglas Engelbart, inspired by Vannevar Bush's work, constructs the first mouse called "X-Y Position Indicator". In the late '60s, he creates "a windowed GUI" oNLine System (NLS) equipped with video teleconferencing to attract attention. In NLS, the cursor pointer can be moved using the mouse. In 1963, Ivan Sutherland shows a program called "Sketchpad", which directly manipulated objects on a Cathode Ray Tube (CRT) screen using a light pen. That was the first graphical user interface.


The idea of a GUI derives from cognitive psychology. The human brain works more efficiently with graphics, and direct manipulation of drawings on a screen is essential for human-machine communication.


Recently, however, a different trend starts to be visible: apps without a UI or with a very informative one. After years of telling computers what to do, people are ready to move a part of their decision powers to the machines, e.g. "Text editor: please dictate, I am ready to note."; "House: I am reducing the temperature."; "Heart: please, sit down, you will have a heart attack shortly. The ambulance is on the way.".


Amazing people 


The first ship ("Praise of the Two Lands") recorded by name appears in 2613 BC. In 1864, Louis Pasteur proposes a theory where all earthly life comes from the Universe. In 1871, Charles Darwin, however, puts forward a hypothesis where all life got started in a warm little pond. In 1963, Norwegian scientist Trygve Reenskaug completes a production-ready solution for computer aided design of ships. For the next 30 years, Autokon helps shipyard engineers realise their fantasies. Later on, Trygve formulates the industry standard pattern for UI building. Water, an ultimate source of life, inspiration and UI patterns.


In the '60s, Trygve completes a Computer-Aided Design/Computer-Aided Manufacturing (CAD/CAM) solution called Autokon. This type of program includes vector-based graphics or raster graphics to present designed objects. The user interface, however, is nothing like graphical. It couldn't be. The first GUI shows up in the "Sketchpad" app in the same year Autokon is completed.


Trygve's lessons learned set a great foundation for his future work, which is visible in Autokon related papers, e.g. "Administrative control in the shipyards", published at the International Conference on Computer Applications in Shipbuilding (ICCAS) in August of 1973 in Japan.


It is the year 1978. Trygve Reenskaug, during his one year stay at Xerox PARC in Palo Alto in California, creates an early implementation of the object-oriented programming language called Smalltalk. He also creates a structure called Model-View-Editor that was published in May of 1979. The final name, Model-View-Controller, pops up in December of the same year, thanks to Adele Goldberg (lead of original Smalltalk development). The MVC design pattern was born.


"The essential purpose of MVC is to bridge the gap between the human user's mental model and the digital model that exists in the computer. The ideal MVC solution supports the user illusion of seeing and manipulating the domain information directly." (Trygve M.H. Reenskaug)


After his stay at Xerox PARC, Jim Althoff codes a version of MVC for the Smalltalk-80. Jim understands the duties of the controlling part somewhat differently from the original.


The MVC


The MVC is a great step forward, but before people become ready for it, its potential needs to remain dormant. In the late '70s, evolution around GUI begins. In the '80s, the first versions of the widget toolkits show up, such as X Toolkit Intrinsics (Xt), but the MVC stays somehow unused. Even later toolkits prefer to keep the view and the controller as one.


"(...) Every widget belongs to exactly one widget class (...) Logically, a widget class is the procedures and data associated with all widgets belonging to that class. These procedures and data can be inherited by subclasses. Physically, a widget class is a pointer to a structure."

(X Toolkit Intrinsics - C Language interface, chapter 1.4. Widgets)

It is difficult to find thoughts about MVC for the next nine years (since discovered). Even in Smalltalk-80 tech notes. Finally, in late Summer 1988, Glenn Krasner together with Stephen Pope publish "A Cookbook for Using the Model-View-Controller User Interface Paradigm in Smalltalk-80" in the Journal Of Object Oriented Programming (JOOP).





Figure 1: Separated Presentation dependencies 


The highest value 


The biggest achievement of MVC is separation of data (Model) from its presentation (View and Controller together). It might be obvious these days, but it wasn't at that moment. Every next generation pattern benefits entirely from extracted data outside the data rendering code. In practice, even later developed UI frameworks, in many cases, use just these fundamental dependencies for widget modeling.


In next paper


The original structure of the MVC has Model and View related flaws. Historically, engineers deal with the Model related flaws first. In the late '80s, another way of building UI interfaces gains popularity. Its traces are visible in the structure of the next generation Model-View-Presenter (MVP) design pattern. In the '90s, engineers concentrate on the View related flaws. Later on, the Model-View-ViewModel (MVVM) design pattern enters the stage. The next article, Model View Whatever - MVC's model evolution, focuses on identifying flaws of the MVC and model evolution.


About the author: 
Damian Czernous 
Experimenting with Xen
by Roger Pau Monne


Xen is a hypervisor using a microkernel design, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently.


Hypervisors can be divided into two categories: type 1 - those that run directly on bare metal and are in direct control of the hardware, and type 2 - hypervisors that are part of an operating system. The Xen microkernel is considered a type 1 hypervisor, since it runs directly on the hardware without the need of any OS, and, in fact, Xen is OS-agnostic, allowing several different OSes to act as control domains.


[Figures: Xen architecture (xen_arch.pdf); Type 2 hypervisor architecture (kvm_arch.pdf)]








It's important to notice some differences between type 1 and type 2 hypervisors. With type 2, the 
hypervisor itself is integrated into a general OS kernel, while on type 1, there's a clear separation 
between the hypervisor and the host OS. On type 1 hypervisors, like Xen, the control domain is 
just a guest with special privileges. It's also important to notice that on type 2 hypervisors, virtual 
machines compete with other tasks running on the host in order to get resources (CPU time, 
memory...); this doesn't happen on type 1 since the hypervisor only schedules guests. 


Initial Xen support for FreeBSD on x86 as a guest was introduced in version 8 and ARM support is currently being worked on. Support for using FreeBSD as a Xen host (also called Control Domain or Dom0) has been added in FreeBSD HEAD, and it requires Xen 4.5 or any later version.


Supported guest types


When Xen was designed in the late 90s, there were only two options in order to use virtualization on x86, both with very high overhead: full software emulation or binary translation. To overcome this, Xen took a new approach. We made the guest aware that it was running inside of a virtualized environment and provided a whole new interface that removed the extra overhead; this led to what is known today as ParaVirtualization (PV for short). With the introduction of hardware virtualization extensions in x86 in 2005, Xen gained the ability to run unmodified guests in Hardware Virtual Machine (HVM) mode. This was a very important step because it allowed Xen to run guests without any PV-aware interfaces.


While this separation between PV and HVM guests makes a clear cut, there have been several PV specific improvements made available to HVM guests in order to obtain better performance. HVM guests can make use of PV disks and NICs to boost IO throughput, and when a guest makes use of those interfaces inside of an HVM container, it is known as HVM with PV drivers in the Xen argot. But it doesn't stop here: since Xen 4.1, an HVM guest can also use PV timers and PV IPIs to reduce emulation overhead even more. When a guest runs in this mode, it's known as PVHVM.


In general, HVM guests have better performance, especially regarding page table manipulation operations. The software page table manipulation used in PV guests is one of the main performance problems of pure PV guests. In order to improve this, a new mode has been recently introduced that allows PV guests to run inside of HVM containers. This new mode is called PVH, and makes use of the hardware virtualization extensions for the CPU and MMU, while using PV interfaces for the rest.


Figure 2. Xen Arch Operating system


Preparing the host


In order to setup a Xen host, an AMD64 HEAD install of FreeBSD is needed. There's no Dom0 support on any stable FreeBSD branch, so it's still quite experimental and not recommended for production usage. At the moment, Xen requires Intel hardware with VT-d support in order to run a FreeBSD Dom0 (because it uses the new PVH mode), but AMD support is in the pipeline and is planned to land soon. Since Xen can use both block devices and plain files as disks for guests, it's interesting to setup ZFS in order to make use of its advanced features, like snapshotting.


Figure 3. Xen arch control domain.


Having that said, we will start by setting up the serial console, which is important if things go wrong while using Xen. First of all, we need to modify /boot/loader.conf and add the following lines that will enable output on both the serial and VGA consoles (footnote https://www.freebsd.org/doc/handbook/serialconsole-setup.html):


boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"


We are also going to enable a login prompt on the serial tty by making sure the following line is present in /etc/ttys:


(Ce AUN! btsiie / Ali loley care Mefsiciny, teiwelndl ike, OO dialup onifconsole secure


Install Xen


After a reboot, you should be able to get the bootloader and the kernel output on the serial console and we can proceed with the installation of Xen. For this tutorial, we are going to use the Xen binary packages provided by pkg(8):


# pkg install xen 


After the installation has finished, we need to configure a couple of things in order to reboot into our newly installed Xen host. First of all, we are going to remove the limit on the amount of wired memory an application can use. This is needed because the Xen tools make heavy usage of wired memory in order to interact with the hypervisor. So the following needs to be added to /etc/sysctl.conf:


vm.max_wired=-1


Then we also need to enable the serial terminal in order to get a login prompt. This is very similar to what we did in order to enable the serial login prompt, so open up /etc/ttys and add the following line:


xc0 "/usr/libexec/getty Pc" xterm onifconsole secure


Now we need to tell the FreeBSD loader to boot into Xen. In order to do that, we are going to add the following lines to /boot/loader.conf:


xen_kernel="/boot/xen"
xen_cmdline="dom0_mem=2048M dom0_max_vcpus=4 dom0pvh=1 com1=115200,8n1 console=com1,vga guest_loglvl=all loglvl=all"


The xen_kernel option tells the loader where to find the Xen kernel, while the second line contains the options that are passed to Xen. Let's examine them in detail (footnote http://xenbits.xenproject.org/docs/unstable/misc/xen-command-line.html):







* dom0_mem: tells Xen how much memory to assign to the control domain.


* dom0_max_vcpus: tells Xen how many CPUs will be assigned to the control domain.


* dom0pvh: enables PVH mode for the control domain. This is the only mode FreeBSD can use, so this option is mandatory on FreeBSD.


* com1: configuration of the serial line.


* console: specify which console(s) Xen should use; in our example Xen will send its output to both the VGA and the serial line.


* guest_loglvl, loglvl: enable all possible log messages. This should only be used for development or testing purposes.
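

A pre-reboot check of these loader.conf entries, as an added example that is not part of the article: it reads xen_kernel and xen_cmdline and reports the conditions the option list above describes (dom0pvh mandatory on FreeBSD, full logging meant for development or testing). The sample files, including the com1 value, are constructed.

```shell
#!/bin/sh
# Added example, not from the article: lint the Xen entries of a FreeBSD
# /boot/loader.conf before rebooting. Sample files below are constructed.

# loader_value FILE KEY -> value of the last KEY="value" assignment in FILE
loader_value() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# check_xen_loader FILE -> prints findings, returns non-zero if any ERROR
check_xen_loader() (
    set -f                                  # no globbing while splitting options
    errors=0
    kernel=$(loader_value "$1" xen_kernel)
    cmdline=$(loader_value "$1" xen_cmdline)
    if [ -z "$kernel" ]; then
        echo "ERROR: xen_kernel is not set, the loader cannot find the Xen kernel"
        errors=$((errors + 1))
    fi

    pvh=no mem=no vcpus=no com1=no console=
    for opt in $cmdline; do
        case $opt in
            dom0pvh=1)          pvh=yes ;;
            dom0_mem=*)         mem=yes ;;
            dom0_max_vcpus=*)   vcpus=yes ;;
            com1=*)             com1=yes ;;
            console=*)          console=${opt#console=} ;;
            guest_loglvl=all|loglvl=all)
                echo "WARN: $opt enables all log messages (development or testing only)" ;;
        esac
    done

    if [ "$pvh" = no ]; then
        echo "ERROR: dom0pvh=1 missing from xen_cmdline, mandatory for a FreeBSD Dom0"
        errors=$((errors + 1))
    fi
    [ "$mem" = yes ]   || echo "WARN: dom0_mem not given, Dom0 memory is left to Xen's default"
    [ "$vcpus" = yes ] || echo "WARN: dom0_max_vcpus not given, Dom0 vCPUs are left to Xen's default"
    case ",$console," in
        *,com1,*)
            [ "$com1" = yes ] || echo "WARN: console uses com1 but no com1= line settings are given" ;;
    esac
    [ "$errors" -eq 0 ]
)

# Run the check over two constructed loader.conf files.
xen_loader_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/good.conf" <<'EOF'
# constructed sample using the options the article lists
xen_kernel="/boot/xen"
xen_cmdline="dom0_mem=2048M dom0_max_vcpus=4 dom0pvh=1 com1=115200,8n1 console=com1,vga guest_loglvl=all loglvl=all"
EOF
    cat > "$tmp/bad.conf" <<'EOF'
# constructed sample with dom0pvh and the serial settings left out
xen_kernel="/boot/xen"
xen_cmdline="dom0_mem=2048M console=com1,vga"
EOF
    echo "== good.conf"; check_xen_loader "$tmp/good.conf" || echo "-> not ready to boot Xen"
    echo "== bad.conf";  check_xen_loader "$tmp/bad.conf"  || echo "-> not ready to boot Xen"
    rm -rf "$tmp"
}

xen_loader_demo
```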


For convenience, it's also recommended to load if_tap during startup (it's used by Qemu). In order to do it, we just need to add the following line to /etc/rc.conf. While there, we are also going to create a bridge with the physical interface em0 that we can use in order to provide network access to guests:


Rie) dese ake Selo 


ie Moigerel aide Gneseeveye— one iioleeiol 


SIG M ANS) Jove eles 0 eyolonn Keine) Seal sle len 


BEGIO GHEALe) KS)inlGl ab yous 





And finally, we also have to add the following line to /boot/menu.rc.local. This is not strictly required, but gives us a better loader menu when using Xen:


try-include /boot/xen.4th


A new option will show up on the boot options list (item 6 in the loader menu) that allows the user to switch the usage of Xen on or off from the menu itself.


Creating guests
FreeBSD PVHVM guest


We can setup a FreeBSD guest using two different methods; we can either use the pre-built VM images, or we can perform a normal install using the ISOs. In this example, we are going to use the ISOs so the install process resembles a bare metal FreeBSD install. The first step consists of downloading the install disk and creating a ZVOL to use as disk:


# fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/10.2/FreeBSD-10.2-RELEASE-amd64-bootonly.iso


# zfs create -V 20g tank/freebsd


Then we need to create the guest configuration file: 


# This configures a HVM rather than PV guest
builder = "hvm"
# Guest name
name = "freebsd"
# Initial memory allocation (MB)
memory = 1024
# Number of VCPUS
vcpus = 2
# Network devices
vif = [ 'bridge=bridge0' ]
# Disk Devices
disk = [
    '/dev/zvol/tank/freebsd,raw,hda,rw',
    '/root/freebsd/FreeBSD-10.2-RELEASE-amd64-bootonly.iso,raw,hdc:cdrom,r'
]
vnc = 1
vnclisten = "0.0.0.0"
serial = "pty"
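

The configuration above makes the guest's VNC console listen on every address of the host. A check for that setting, as an added example that is not part of the article: it classifies an xl guest configuration by its vnc, vnclisten and vncpasswd values. The sample configurations are constructed, and the SSH tunnel in the comments assumes VNC display 0 (TCP port 5900).

```shell
#!/bin/sh
# Added example, not part of the article: classify how the VNC console of an
# xl guest configuration is exposed. Sample configurations are constructed.

# cfg_value FILE KEY -> last value assigned to KEY, quotes and trailing blanks removed
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# vnc_exposure FILE -> prints disabled | loopback | default | protected | open
# and returns 1 for "open": reachable from other hosts with no vncpasswd set.
vnc_exposure() (
    vnc=$(cfg_value "$1" vnc)
    listen=$(cfg_value "$1" vnclisten)
    passwd=$(cfg_value "$1" vncpasswd)
    # Only an explicit "vnc = 0" is treated as disabled.
    if [ "$vnc" = 0 ]; then echo disabled; exit 0; fi
    case $listen in
        "")                     echo default;  exit 0 ;;   # toolstack default applies
        127.*|localhost*|::1*)  echo loopback; exit 0 ;;
    esac
    # Anything else (0.0.0.0, ::, or a routable address) is reachable remotely.
    if [ -n "$passwd" ]; then echo protected; exit 0; fi
    echo open
    exit 1
)

# Compare the listen address used in the article with a loopback-only variant.
vnc_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/all-interfaces.cfg" <<'EOF'
builder = "hvm"
name = "freebsd"
vnc = 1
vnclisten = "0.0.0.0"
serial = "pty"
EOF
    # Loopback-only variant; from a workstation the console is then reached with
    #   ssh -L 5900:127.0.0.1:5900 <host>    followed by    vncviewer localhost
    cat > "$tmp/loopback.cfg" <<'EOF'
builder = "hvm"
name = "freebsd"
vnc = 1
vnclisten = "127.0.0.1"
serial = "pty"
EOF
    for f in all-interfaces loopback; do
        verdict=$(vnc_exposure "$tmp/$f.cfg") || true
        echo "$f.cfg: $verdict"
    done
    rm -rf "$tmp"
}

vnc_demo
```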


Now we can create the guest:


# xl create freebsd.cfg


And attach to the vnc console in order to perform the install:


# vncviewer <host>


Once the install has finished, we can remove the ISO image from the guest configuration file and boot into it. We are going to configure the guest to use the serial console so we can get the boot output and a login prompt on the command line. In order to do so, we need to modify /boot/loader.conf and /etc/ttys like we did on the control domain:


boot_multicons="YES"
boot_serial="YES"
comconsole_speed="115200"
console="comconsole,vidconsole"


ey uO UO bucue / dbalieves-qaiey @iSieie. 7 Sielel a ible A0 OM woBueibys) weil iS eblige


Now we can reboot the guest and see how it boots from the serial console using the xl toolstack:


= cll lahbueeleiser 15) mia ejsvel


# xl create -c freebsd.cfg


Debian PV guest


In order to setup a pure Linux PV guest, we are going to use Debian. Debian already provides a 
kernel and initramfs that can be used to setup a PV guest, and a config file that can be used with 
Xen. First we need to fetch all those parts: 


# fetch http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/xen/initrd.gz


# fetch http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/xen/vmlinuz


# fetch http://ftp.debian.org/debian/dists/jessie/main/installer-amd64/current/images/netboot/xen/debian.cfg


We are also going to create a ZVOL in order to provide a hard drive to the guest: 


# zfs create -V 20g tank/debian 


And finally we need to edit the config file debian.cfg in order to set the correct paths: 
# TO BOOT INSTALLED SYSTEM
# 
# Comment all of the above installation options and uncomment the 


i losubentr suaks eerie! 











# The following options are common to both installation time and nor- 
iNelsL deverene slnvor, 


ii 


# Only a subset of the available options are included below. 


# See /usr/share/doc/xen-utils-common/examples for full examples. 







# A name for your domain. All domains must have different names. 
name = "debian" 


# Number of Virtual CPUS to use, default is 1 


2 IDE linS imeienmencl Ainceiarcieass 


vif = ['bridge=bridge0'] 


+ Derine teks 


This guest has been configured to use 2 vCPUs and 1GB of RAM. The virtual network card will be added to the bridge0 automatically by the Xen toolstack. Now we can create the guest and proceed with the installation:


# xl create -c debian.cfg


Once the install process has finished we will need to tweak the guest config file so it boots from 
the hard drive. This will require changing the top of the config file so it looks like: 





# TO BOOT INSTALLED SYSTEM
# Comment all of the above installation options and uncomment the


ve loculewtr cleric! 





Now we can boot into the installed system: 





# xl create -c debian.cfg


Live-migration of guests 


Performing live migration of guests on Xen is fairly easy; the only requirements are that the disk image(s) are shared between both hosts (NFS for example) and at the same place in the filesystem hierarchy. The bridge to which to attach the virtual network interface(s) also needs to have the same name. Finally, you also need sshd running on the control domain.


For this example, we are going to use a FreeBSD guest named freebsd running on the current 
host, and we want to migrate it to hostb.example.com: 





# xl migrate freebsd hostb.example.com 


If you don't have a pair of hosts running Xen, you can also perform a local-migration in order to 
test it (although it's not as astonishing): 


# xl migrate freebsd localhost 
Finally, you can also perform saves and restores of guests:


# xl save freebsd /path/where/to/save
# xl restore /path/where/to/save





Take into account that the save command only saves the guest memory and device status; the disk status needs to be saved manually by the user, for example by taking a ZFS snapshot:


# xl save freebsd /path/where/to/save


# zfs snapshot tank/freebsd@checkpoint1


# xl restore /path/where/to/save 





About the author: 

Roger Pau Monné is a Software Engineer at Citrix and a FreeBSD 
Security is not a one-time event, but a continuous stream of small improvements.
Michael Boelen from CISOfy


by Marta Ziemianowicz & Marta Strzelec 


[BSD Magazine]: Hello Michael, how have you been doing? Can you tell our readers about 
yourself and CISOfy? 


[Michael Boelen]: Doing great, thanks. Born and living in The Netherlands, I’m 33 years old and
founded the company CISOfy. Some readers might already be familiar with some of my personal
open source security tools: Rootkit Hunter (or rkhunter) and Lynis. The first tool helps
administrators find malicious software on their systems. Lynis is my current project. It is more
generic and helps with performing in-depth security scans. Besides security research and
development, I like to read and watch TV. When I have time left, I love to blog and share my work
on the Linux security blog linux-audit.com.


In 2013, I founded the company CISOfy. We focus on Linux and UNIX security only. One of our
goals was to leverage the open source tool Lynis and build a commercial solution around it. This
way we could make a living, and ensure the open source tool got a higher level of development
(more updates, higher quality). The name “CISOfy” highlights the focus to make security available
to all layers of personnel, from the UNIX system administrator, up to the CISO (Chief Information
Security Officer).


[BSD Mag]: Tell us something about your solution, Lynis Enterprise Suite. 


[MB]: Lynis is a great standalone tool to perform security scans. The downside is that the results
are limited to that particular system only. So to make it scalable for your whole environment, we
created a central hub to store all Lynis scans, named Lynis Enterprise. It also comes with
additional plugins, so that Lynis can gather even more information. So both the community and
paying customers actually run the same tool.


Here is how it works: Lynis runs on the system and collects all kinds of data, like the boot loader
you are using, or any vulnerable packages it found. It checks configuration files, from varying
services like SSH, nginx, or even Docker. When it is done, it uploads the data to the central node.
There the data is parsed, stored and presented in different ways. There is a dashboard, different
types of reports, and an overview of each system with all related details. Lynis Enterprise also
helps you to prioritize all findings. So this way you have a starting point for your system
hardening efforts. For example, sorted by quick wins or systems with the highest risk. The solution
wants to do as much automation as possible, to make your life easier. It provides you with related
code snippets (shell, Ansible, Chef, Puppet etc), to solve discovered findings.


[BSD Mag]: Why Linux/Unix-based systems? Are they less secure than the others? 


[MB]: We have seen that most companies run a combination of operating systems, or have a
high specialization in just one of them. Where most security software companies provide generic
tools, we want to provide a specialized solution, focused on your favorite platform. Most
competitors don’t even support *BSD, and we do. This is one of our reasons to ignore Windows and
mobile devices. Also, my background is in systems running Linux, BSD and Mac OS X. Personally, I
think all operating systems have their own flaws, which makes it hard to state if one is more
secure than the other. I do think, however, that you always have to do system hardening, to ensure
a system has the proper security defenses, in line with your personal or business risks.


[BSD Mag]: There have been many news stories about Linux and its security recently. It 
looks like it’s not the most stable and safe system. What do you think about it? 


[MB]: There is definitely a lot going on around that subject. I think the Linux community is getting
better at it, but we are still not there yet. What still surprises me is that most people don't even
implement basic hardening, or actually weaken the system, like disabling iptables and SELinux by
default. This is something I like with the BSDs, as they are commonly secure by default, with a
minimal installation. Fortunately, more Linux distributions are applying that same principle now as
well.


[BSD Mag]: Would you say that Linux users were, in general, more aware of security is- 
sues than the average user? 


[MB]: I think they are, as the average user has a different goal, which is just doing the thing they
like. This might vary from playing games to surfing the web. Usually Linux users are not afraid to
learn new skills, or improve things themselves. This includes improving security. Privacy-tailored
Linux distributions are a good example of that. The average user and usually a Linux user, have
different goals of using a computer. That might change slowly, as more non-technical people are
starting to use Linux-based systems.


[BSD Mag]: What is your mission and where does it come from? Do you have any story
or philosophy behind your company?


[MB]: Our mission is to help others with gaining security insights, by providing our auditing solu- 
tion. In other words, let them know how well they are doing, then tell them what the next step 
might be. Sharing this “next step” is one of our three main pillars, so people improve in small 
steps. After all, security is not a one-time event, but a continuous stream of small improvements 
(and adjustments). The other two pillars are “simplicity” and “first impression”. For simplicity, we 
try to avoid jargon as much as possible. It also shows in our user interface and website, which is 
clean and quick. With the first impression, we want to show you this simplicity at different areas, 
from running the open source Lynis tool, to the first time you are uploading a new system to the 
central node. 


CISOfy was founded to solve a very basic problem: it is hard to know for sure how well a system
is hardened, and what else can be done. Besides providing technical details for a system
administrator, we also want to help them explain to their manager what they are doing. Too often
technical people can't convey the message to their manager, like why they need a new security
solution, or how secure the systems really are. This is something we try to solve, together with
the administrator, auditor or security professional. For example, our solution has by default three
dashboards, each focused on a different audience (business owner, IT manager, system
administrator).


[BSD Mag]: Which needs to happen more: CISOs learning how to communicate well with
managers or managers brushing up on their cyber security skills to understand their
CISOs better?


[MB]: For maximum benefit of the company, both would have to improve (at the same time). Se- 
curity policies are a way of communication. They need to be guided from all the way at the top, 
down to all employees. The CISO/CSO has a challenging job, as we humans prefer taking the 
easy path, circumventing security controls. This way of thinking is a risk to the protection of valu- 
able company assets (people, information, customers, etc). Now middle managers have a similar 
challenge as the CISO, which is keeping up with all the ongoing developments in information se- 
curity. Since it finally comes down to money, the company will get a big better impact if the CISO 
is a good communicator. Then the managers will follow. 


[BSD Mag]: I’m in the process of finding new article authors and companies to cooperate
with. I find many people from Netherlands, who are interested or have skills in Linux/Unix,
OpenBSD, etc. Do you think there is any reason for Netherlands being a “hub” of people
passionate about it?


[MB]: We have a lot of skilled people in The Netherlands, including knowledge around open
source. Our connectivity to the internet is one of the best around the world.
So that provides easy access to knowledge. Then there are several communities around open
source, including user groups and nowadays Meetups.

Our country is known for their trading skills during the last centuries, and we might have inherited
that way of thinking. We are actually “cheap”. So instead of paying for a Windows license, we
don't mind having to tinker a bit, and get a system with a cheaper alternative. I also see this in
countries like Belgium, France, Spain, and Germany. They also have a high amount of open
source usage. There is only a small difference between all these countries and ours, which is that
we usually use English (instead of Dutch) as our primary language when sharing knowledge and
building projects.


[BSD Mag]: Do you think European market differs a lot from American one? Would it be 
better for you to be based in USA? And do you think that Europe has to face a different cy- 
ber attack, or it’s basically the same as USA? 


[MB]: There is definitely a big difference in both markets. For example, compliance is something
which drives American companies more than in Europe. The way money is spent is different as
well. Americans usually quickly understand the value of a product and then decide to pay for it,
while European people want to discuss and compare things. When it comes to attacks, the
stakes might be similar. Every country has critical infrastructure and companies doing
international business. An interesting fact is that individual systems in The Netherlands are an
interesting target, due to our good connectivity. When it comes to our location, The Netherlands is
actually a very good place to be. There is a lot going on with information security during the last
years. The Hague Security Delta, as an example, which means the government, companies, and
universities, are now working together and creating their own ecosystem. This way we can get
more students trained and deployed in our field. For us The Netherlands is a good place to be, as
we have a lot of skilled people in the area. From here we can continue providing our services,
while at the same time being close to new developments.


[BSD Mag]: Is there a difference in response to attacks as well? 


[MB]: I don't think there are a lot of differences on how each country responds to attacks. In the end
this is depending on regulations, but more importantly on the affected company itself.


[BSD Mag]: OpenBSD has its own amazing community. Do you think Linux/Unix enthusi- 
asts create such community as well? 


[MB]: There are definitely such communities as well in the Linux space. The difference is that they
have more specific interests, like a specific Linux distribution. One great example is that even
systemd has its own conference (systemd.conf).


[BSD Mag]: What are the current trends you’re seeing in cybercrime?


[MB]: Last year's “ransomware” is becoming a hot topic. The attacker will encrypt all your files.
Then money is asked in exchange for decrypting your data back to its original form. It now is also
available for Linux systems and my guess is that it won’t take long that it becomes more popular.
In 2003 when I created rkhunter, the use of rootkits was commonly seen. While it has been silent
around that topic for some years, sometimes new ones are showing up again. After all, sometimes
attackers want to maintain control as long as possible over hijacked machines.


[BSD Mag]: What are your biggest challenges today and how are you working to solve 
them? 


[MB]: One of the challenges we face is actually how people perceive security tools. Often people 
compare Lynis as a vulnerability scanning tool. There is a fine line between performing a security 
audit, and searching for known issues. While our solution also may pick up weaknesses, its pri- 
mary goal is different. We help to measure your defenses and propose the implementation of new 
ones. Or when applicable, enhancing existing implementations. This is different to searching for 
known vulnerabilities and then telling you to fix them. We try to solve this issue by educating peo- 
ple, during presentations and by writing about the subject. 


[BSD Mag]: What are the company’s plans for the future? 


[MB]: Currently, we have a high focus on compliance and automation. For example, companies
who process payment transactions are required to be in compliance with PCI DSS. The specific 
details in the standard change on a regular basis, which is challenging for most companies. So 
that is something we focus on, to make this process easier for them. Then when the auditor 
comes in, the number of findings will be very small, simplifying the certification process. Another 
thing is automation and something we will further improve upon, like introducing the API (Applica- 
tion Programming Interface) we are working on. This enables customers to compare systems 
from their CMDB (Configuration Management Database) with the ones discovered during the se- 
curity scans. A great way to discover so-called “shadow IT”, like systems running under desks. Af- 
ter this work is done, we have actually some plans to make things more real-time, like detecting 
changes to the system when they happen, and properly reporting on it. 


[BSD Mag]: Is there anything you would like to tell/advise our readers?


[MB]: There are definitely some things I wish I knew when I started in the information security
field. They might seem like basic tips, but it is easy to get trapped into other beliefs. Especially
with security vendors and security researchers throwing all kinds of threats and risks at us.


So here are my three main tips I would like to share:


1. Keep security simple


Too often we complicate things, like using technical jargon too much (especially abbreviations!). If 
we want people to embrace our security policies, make it simple for them to understand and ap- 
ply. This applies also to simplify security products, make reports easier to read and better explain 
risks. 


2. Get involved in open source projects 


If you want to learn security, or help making the world a safer place, start with open source pro- 
jects. Use them, send them suggestions, or provide actual code. It is a great way to build up your 
CV, get to know people in the field and to contribute. Most security people are contributors and 
like others who are similar. 


3. Use the right tool 


It is still common to see people just wanting to do vulnerability scanning, while they actually want 
to know how safe they are with their existing defenses. If you want to add value for your company 
and customers, know the subtle differences between technology and types of security assess- 
ments. Also, learn to understand your customer and their skill set, so the right tool can be ap- 
plied. When speaking about tools, there is more than just technical software solutions. Tools like 
the right processes, good communication, and providing structure. 


About Michael: 


Michael Boelen specializes in the field of Linux/Unix security. In the last years, he worked as a
consultant for several big companies, including T-Systems, Philips, and ASML. In 2013, he founded
security firm CISOfy, to support companies with their auditing, hardening and compliance needs.
Michael is the author of several open source security tools, like Rootkit Hunter (rkhunter) and
Lynis. Both very popular, and used in the toolkit of system administrators and security
professionals. Other work includes supporting the CIS benchmarks and writing articles. He is a
regular contributor to the Linux Audit blog, covering Linux/Unix security.


You wouldn’t want to build a team who are all the exact same.


Valerie Heatley from Speerhead 


by Marta Ziemianowicz & Marta Sienicka 


[BSD Magazine]: Hello Valerie, how have you been doing? Can you tell our readers some- 
thing about yourself? 


[Valerie Heatley]: Hey there- I’m great, this is my favourite time of year. Autumn seems to always
bring about change and new beginnings. I was recently asked at a panel discussion- what's not
on your LinkedIn profile? My first business outing was selling second class strawberries for jam
making, with my sister when I was 8. It may have lasted only one summer, but it set us up to be
aspiring entrepreneurs. Especially when we saw how many more sweets we could buy if we
earned the money ourselves.


[BSD Mag]: What is Speerhead? 


[VH]: Speerhead is a boutique recruitment agency specialising solely in DevOps. Backed by over 
25 years of both technical and recruitment experience, Speerhead has developed a disruptive 
method for technical recruiting. 


[BSD]: Could you tell us more about this disruptive method for technical recruiting? 


[VH]: It’s about getting into the minds of these DevOps professionals. Understanding what gets
them excited and helping companies discover what exactly it is about their opportunity that will
secure these professionals. Gathering all of this information and marketing it in the appropriate way
to a select group of hand selected people.


[BSD Mag]: What are the trends in DevOps recruitment? Who is the most needed and
valuable?


[VH]: Automation, automation, automation- still, it's the absolute pillar of DevOps. The most valu- 
able professionals can do and advise on the most appropriate method to satisfy business goals, as 
they have multiple languages and tools. They also have a diverse background (yet stable) that al- 
lows them as an engineer to see a much wider picture, while still being able to get down to the nuts 
and bolts. We are seeing specific technology not being important, as companies become more and 
more polyglot and reactive to an ever evolving ecosystem of technologies. 


A massive trend we’re seeing is that the power is with the candidate. Companies looking to secure 
talent need to ensure they discover what is truly unique about their project, sell it, and then snap 
them up as quickly as they can. 


[BSD Mag]: Tell us something about the training academy that you are building at the mo- 
ment. 


[VH]: The main issue in DevOps is that the area is top heavy. Speerhead plans to tackle this by 
feeding the industry from the bottom. Taking really clever graduates and teaching them the funda- 
mentals of DevOps- automation, monitoring, soft skills, etc., that way lowering the entry point for jun- 
ior engineers. 


[BSD]: Why did you decide to start this project?


[VH]: As I was saying, the market is top heavy. There are lots of really senior people who can
spearhead DevOps adoption. There is a growing need for the market to be supported by fresh talent who
have been given the tools to approach the delivery software in a modern way. Thus helping to
stabilise the current imbalance.


[BSD Mag]: What are you looking for in the candidates? Passion, good education, skills? 
Maybe something else? 


[VH]: Culture fit! I used to think it was just a bit of a buzz word, until you start to get really close to
some of these companies and you can see the nuances of their culture that have led to their
success. From the candidate side, it's the same- engineers are valuing day to day happiness over all
else.


I always look for home projects. That’s when you discover a lot about an engineer. Do they clock
out at 5:30 and forget about technology? Here you see the passion, and the eagerness to learn and
discover more.


[BSD Mag]: You are passionate about women in IT industry. Do we need more of them?
There has been always one stereotype that it’s not a female industry...


[VH]: Yes, of course! It’s just about diversity full stop- every team, organisation and industry
needs it. The studies have been done, and the results show massive benefits for companies and
for society. The stereotype comes from a lack of role models. I’m sad to say that I wanted to be
an engineer when I was in school, being good at maths I was looking for a way to use that, but I
heard somewhere that it was a job for boys. There’s the stereotype that has been there since I
was a child. It’s great to be living through a massive shift, though- we are seeing tech companies
making a stand and children (boys and girls) coding from an early age. Time is the biggest
catalyst for change.


[BSD]: Do you think that women working in IT industry are mistreated? 


[VH]: I haven't experienced mistreatment, per se- I think that needs to be defined as to what you
mean by mistreatment. I believe there are some barriers, but mistreatment seems a little harsh.


[BSD Mag]: What are the strong sides of having a female software developer? Or generally 
of women in this industry? What are they weak at and what is the hardest thing they have 
to deal with? 


[VH]: It’s a fact- people who come from different backgrounds think a little differently. You
wouldn't want to build a team who are all the exact same. Women aren't necessarily better or
worse at anything they’re just different- as we all are. The hardest thing women have to deal with
in this space is dependent on so many factors- company they work for, the team they’re on, etc.
Self belief and limiting beliefs is the biggest I’ve seen. Again, this can often come down to role
models- if it’s not visible that someone has done what you're looking to do in the past, it can be
difficult to believe that you can.


[BSD Mag]: What have you experienced yourself as a woman in this industry? 


[VH]: As a woman in this industry, my experience has not been defined by being a woman.
Particularly as a business woman, I think it’s been easier to be part of this world- I don’t have to learn
golf to get face time, I just need to pop along to a meetup! As a woman in this industry in Ireland-
I see so much change and focus on tackling this issue. People are talking about it, leaders are
promoting it and companies are trying to do something about it. It’s a wonderful time, but with a
long journey ahead.


[BSD Mag]: You have bachelor of arts, am I right? Where does the interest in technology
come from?


[VH]: To be honest, I fell face first into this world, I hadn’t a clue, everything was new and
strange- but I quickly fell madly in love! As I said, I had always wanted to be some sort of an
engineer- and I just ‘got it’. Having indepthly studied societal influences to change in my BA, I quickly
realised that nothing has changed the world so exponentially as technology, and it will continue to
do so. You’re either in it or you’re going to be left behind.


[BSD Mag]: Is there anything you would like to tell our readers? Any advice?


[VH]: Children today will drive the real change in fixing this gender gap. In the western world any- 
way, girls and boys live in a world where there is no difference. It is our responsibility to ensure 
that there is a clear road for them and people they can look up to. If you are a senior woman in 
technology, let everyone know, go out of your way to be visible. If you are just starting out, don’t 
hold yourself back, to quote Sheryl Sandberg- A career is no longer like a ladder; it's like a jungle 
gym- take your time to find an organisation where you can comfortably excel. 


About Valerie: 


Valerie is a technology enthusiast and entrepreneur. Relatively new to the industry she spotted the
potential in DevOps, and has gained a unique knowledge as the sole specialist in Ireland. With this
knowledge she can successfully spot the DevOps requirement, provide a valued solution and
accelerate business. After her successful spell with global leader Computer Futures, becoming
Dublin rookie of the year, she decided to join Speerhead to approach the DevOps community from a
local level. Having spoken to 100s of people and attended industry and user events, her strong
personal links have enabled her to position Speerhead Ireland at the heart of Dublin’s tech scene.
Valerie is also passionate about Women in IT and Women in Business, actively working to promote
more female leaders in Ireland.


10 Things Your CIO Should Know About TrueNAS


by Mark VanFange 


We could write volumes about all the benefits of TrueNAS
and why it should be in your workplace. For the sake of
brevity, however, we’ve narrowed it down to ten things your
CIO should know about TrueNAS before deciding on a
storage solution.


1. It’s Both a SAN and a NAS 


TrueNAS Unified Storage is hybrid or all-flash storage built on a modular, state-of-the-art hard- 
ware platform. TrueNAS is an enterprise storage array with the availability, performance, and fea- 
tures needed by your business applications. It unifies SAN and NAS in one appliance and pro- 
vides a wide variety of services and protocols on top of a best-in-breed file system that guaran- 
tees data integrity at every step. 


2. It’s Award Winning 


Analysts say that TrueNAS is a winner. DCIG, a leader in storage analysis and a go-to resource
for evaluating storage systems, rated TrueNAS as “Excellent” and gave it a “Best-In-Class” rating
for hardware. This is higher than storage arrays from Dell, EMC, Fujitsu, Hitachi and Nimble.
DCIG shows that you can acquire the majority of the enterprise features offered by these big names
for much less.


3. It’s Fast 


TrueNAS gives you the performance you need with a cache-first design approach that delivers
blistering performance from flash memory for your most frequently and recently accessed SAN
and NAS data. TrueCache™ combines RAM and nonvolatile flash with high-density spinning
disks to give you the performance of an all-flash array with the capacity of an all-HDD one. It will
save you money when you need to increase capacity or performance.


4. It’s Safe


TrueNAS ensures you retrieve the same data that you wrote. It checksums your data whenever it 
is written and verifies those checksums when data is read. It even checksums the metadata that 
describes the file system and allows you to periodically verify all checksums to determine if infre- 
quently used data or backups are suffering from silent data corruption. 


5. It's Economical 


Some storage vendors lead with a lower cost to get your business, but then require more money to
unlock features or to increase capacity. TrueNAS offers a full suite of enterprise features right out
of the gate. You can acquire a TrueNAS hybrid storage array with 120TB capacity for under
$25,000. Other vendors, like Nexenta-based solutions, can run you closer to $120,000, and EMC
and NetApp can be over a quarter of a million dollars. There’s no question that TrueNAS is
hands-down the best value in Hybrid Storage.


6. It’s The World's Most Actively Developed Storage Array 


TrueNAS is the most actively developed commercial storage software on the planet, made possi- 
ble by the contributions of the vivacious FreeNAS community, but hardened and tuned for the un- 
compromising stability and performance that businesses require. FreeNAS makes many of the 
features available on TrueNAS available in an Open Source platform to users who wish to de- 
sign, deploy, and administer advanced storage systems on their own. This gives the FreeNAS, 
and therefore TrueNAS, codebase a larger pool of users and use case implementations than any 
major storage vendor. iXsystems allows these features to mature in the FreeNAS community be- 
fore the development team implements them in TrueNAS, bringing more overall stability to True- 
NAS and a quicker path to new features. 


7. It Saves on Physical Storage 


TrueNAS Adaptive Compression (TAC) works with the TrueNAS file system to analyze a file and 
automatically determine whether the file is compressible, without any noticeable performance re- 
duction. In fact, because TAC uses the CPU to compress data before writing data to the hard 
disks, it actually speeds up performance. TrueNAS also includes thin provisioning, which com- 
bined with the TAC means you have to purchase less physical storage for your critical business 
applications. You can build a configuration that holds nearly 4PB, which can grow to nearly 10PB 
after storage optimization. 


8. It’s Enterprise Ready 


Expanding TrueNAS storage is simple and non-disruptive. 


Every TrueNAS model supports data corruption protection, replication, file and block protocols, in- 
line storage optimization, thin and thick provisioning, online capacity expansion, storage controller 
redundancy, hot spares, and redundant power and cooling. When drives are inserted, their capac- 
ity becomes available for use, allowing for seamless capacity expansion without service interrup- 
tion. To add or increase cache, just insert a cache device, and it is available for use. To upgrade 
any model to high availability, you simply add a second storage controller. If you need to move be- 
tween models to increase performance, it’s as easy as replacing storage controllers, and network 
controllers can be added for additional network connectivity. TrueCache™ ensures cache coher- 
ency for High Availability systems. 


9. It Comes With White Glove Support 


TrueNAS is more than just a storage array — it also includes iXsystems Professional Support.
Opening a support ticket is easy; you don’t even have to leave the TrueNAS GUI. If you need help
with TrueNAS, you will speak with a team of dedicated support engineers located at iXsystems
headquarters in Silicon Valley, CA. The support team has direct access to the people who design
and build TrueNAS, whom they can quickly call on if the situation warrants.


10. It’s Certified by Leading Hypervisor Vendors 


TrueNAS integrates with all major virtual machine environments, enabling you to deploy VMs and 
virtual desktops (VDI) in minutes and run more operating environments on a single host from a 
single, hassle-free array. 


TrueNAS has been developed to meet Citrix, Microsoft and VMware standards and has been 
through each vendor’s certification process. TrueNAS supports their hypervisors and is integrated 
with VMware VAAI as well as Microsoft CSV, ODX, and VSS. TrueNAS provides instant and 
crash-consistent snapshots of any VMware VM, allowing you to replicate a VM and restart it. This 
makes TrueNAS ideal for any virtualized infrastructure. 


Conclusion 


In addition to this list, iXsystems combines almost 20 years of enterprise server production
expertise and a dedicated Open Source software development team to bring customers TrueNAS
enterprise storage systems. It is important to realize that every hardware component has been
selected, designed, and tested to meet the requirements of mission critical storage applications.
Our expert staff works closely with your team to ensure that your TrueNAS system is exactly what
you need. This makes TrueNAS more desirable than strictly software-defined storage solutions
that force customers to make hardware decisions on their own and to work with vendors that do
not have software expertise. These are just some of the things that should make TrueNAS the
clear choice for your storage infrastructure.


Presidential hopeful Hillary Clinton has joined an ever increasing vocal group to argue for the
weakening of data encryption. In light of the horrific and inhuman terrorist attacks in Paris this
month, what are the implications of such ideology but more importantly how, as technologists,
should we address such a moral quagmire?


by Rob Somerville 


And so, after such atrocities as the recent Paris attacks, the inevitable knee-jerk reactions and
slamming of stable doors begins. Politicians, lawyers, media commentators et al have immediately
switched into the mode “We haven't got a clue how to solve this but have got to be seen to
be doing something”. I'll be the first to admit that other than finding a global and long term
diplomatic, moral and political solution to the current crisis, the only way forward would appear to
favour carrying on as a species shooting and bombing each other ad nauseam. So business as
usual then. Other than that, I am at a complete and total loss as to how we can reconcile the
irreconcilable. Whether the war takes the form of traditional armaments or is based at the digital level,
until we can isolate the bad guys to the point that we can justly deal with them, we will always be
on the back foot. Of course, the other side will be saying the same thing, but statistically they
have the edge. To quote the Rand Corporation blog, “Terrorists have to be lucky once; targets,
every time”. So it is no surprise then that the political reaction is the counter intuitive response,
“Weaken our defences so that we may become stronger”. To the political mindset, this makes
perfect sense.


What we are facing is one of the results of the law of unintended consequences. Thirty years ago,
IT was dominated by specialists and professionals, and while there have always been bad guys
in every barrel, it was fairly clear who the perpetrators were, but more importantly, the threat was
manageable. Then came the age of the democratisation of technology, and every man and his
dog has become an IT guru. Moreover, the footprint of the black hats (be they hackers, criminals
or terrorists) has correspondingly increased. The domain, previously occupied by professionals,
corporations, governments and a few specialist hobbyists, is now littered with “cut and paste”
script kiddies, anarchists, political agitators and various other malcontents, trolls and
troublemakers. Thankfully, only 46% of the world is currently online according to
internetworldstats.com.

The natural response to the development of technology and any major advance in society has
always been regulation and law. And often that enacted law has teeth. Interfering with the Royal
Mail is a treasonable offence, and until a few generations ago, carried a potential death sentence.
Hence, the lengthy deterrent sentence passed to the Great Train Robbers in the UK. Some would
argue this sentence was unjust, as many murderers served less time. But what can our moral
guardians do when the evidence of the crime (or potential crime) is hidden, obfuscated, or
indeed encrypted? In the hands of a good defence lawyer, circumstantial evidence can always be
relegated to weak evidence. After all, with the exception of parts of Europe, in law, the body of
evidence needs to be beyond all reasonable doubt. And while the perverse and naturally unjust
mentality exists that the perpetrator would rather die than face a jury of their peers, it is no
surprise the focus has shifted from proof in court to the suspicion of all, with the polished
rider “If you have nothing to hide you have nothing to fear”.


But we all have something to hide. Affairs of the heart, embarrassing photos, our financial state
of affairs, the condition of our bodies, commercial secrets. These, and many more data sets
besides, are quite rightly confidential. Sadly though, the tranche and body of law and resources
that protects governments, corporations and other established bodies is not always available to
the common man. The storm of righteous indignation by multinational organisations when their
dirty washing is exposed for all to see by hackers is inevitably met, if not always by the full
weight of the law, at least by a thorough witch hunt in the media. If I am hacked, on the other
hand, I will just become another statistic. Sure, on paper I have the legal right to pursue the
perpetrators, but like most of the general populace, I don't have the financial resources to do so.
So as a priority, while lots of noise is made about rights and responsibilities, I am at a major
disadvantage. And let's be honest here, even with a fully patched system, we are in the perilous
state that anyone who really wants access to our data can gain access by zero day exploits, etc.
With the Internet of Things rapidly increasing its footprint, the number of attack vectors will
increase exponentially. Adequate encryption is one of the few tools as an individual I have in my
arsenal. And these risks exclude what the men in long dark trench coats may think of my
browsing history, social circle, or political opinions.


But data security isn't just about remote access, the ability to view information either by legal
means in terms of government or illegal means by the black hat, as Hillary Clinton has found out
to her cost. Wiping documents (or indeed for that matter a personal email server) does not
always guarantee confidentiality. Data can be recovered. Our personal footprint may be entirely
innocent, but in the hands of a skilled forensic investigator, much circumstantial evidence can be
resurrected. Be that from physical media, or the breadcrumb trail left on the Internet. In the
hands of a good propagandist, even the most innocent swathe of evidence can be turned against
you. It all depends on trust. As always, like a giant Ponzi scheme, it all comes back to who
watches the watchers - Quis custodiet ipsos custodes?


The ethical imperative and necessity for secure communications has been more than adequately
demonstrated through history. Breaking the seal on a confidential document to the king would
result in dire punishment; in time of war, even more so. Today, millions of people depend on this
protocol, from business to banking to just browsing. The implications of lowering our defenses
not only play straight into the hands of our enemies, but fly in the face of one of the major
growth areas in IT today — Data and Information security. As always in these spirals of descent,
the solution to the bigger mouse is to build a bigger mousetrap, rather than breeding bigger
cats. The mice, however, inevitably evolve. Like the examples in the dark ages of decapitated
heads on poles, the lesson is soon learned and the opposition changes its tactics. Law
enforcement and the security services are slow to change, are often underfunded and so they lose
the momentum. More draconian laws are implemented, the pendulum swings the other way (often
due to circumstances in spite of, rather than because of, the law) and the cycle repeats itself.
Little thought is given to the fact that the lawbreaker cares naught about what the law says or
thinks, other than to use it to his or her advantage. A bit like technology really. There has been a
recent uptake in the use of drones to deliver contraband to prisoners incarcerated in UK prisons.
Rather than securing the prisons, I bet that there will be some legislation or licensing emerging
to counter this threat. And will the criminals care?


Yes, we should allow the security services to view our meta-data and traffic, should we appear
on their radar, but this right should only be granted provided there is sufficient unequivocal hard
evidence against us of criminality. And that right must only be granted by an impartial qualified
judge, but preferably by a jury of our peers. Not just granted carte blanche to anyone with
access or technical ability. We would all feel violated if somebody picked the locks of our house
and spent a day wandering around. Even more so with our relationships, attitudes and
transactions.

No, implementing such a knee-jerk policy as weakening encryption will not only threaten
national security, commerce, and individual rights, but will send a clear message to the bad guys —
we really think you are stupid. Even if we blacklisted huge swathes of the Internet, there are
more than enough techniques available to communicate — be it smoke signals, flashing torches,
pigeons or dead letter boxes. As the West and the Stasi found out during the Cold War, such
methods are time and manpower intensive to police. And this is all apart from the increasing
threat from criminal and foreign state level. After all, the black market drug economy has
sufficient illegal money floating around to purchase a Cray supercomputer or two. As technologists
and professionals, we need to remind those in power of the historical ramifications of such
idiocy. After all, much has been said about the large part that Bletchley Park played in winning
World War Two. Without the capture and reverse engineering of the Enigma boxes, we may not
have won the war. But this argument cuts both ways. Goodness knows how we communicated
during the war, but we were not as arrogant as to place all our eggs in one basket and think we
were invincible. We may have been so impoverished to have guns carved out of balsa wood and
cardboard tanks in the desert, but at least we made a token effort at pretending there was some
defense in place.